Ismael Ripoll 
Category: Assistant Professor (Titular de Universidad)
Phone: +34 963 879 218 / Internal: 79218 / Fax: +34 963 877 579
Email: iripoll@upv.es
Location: Room 3N12, Building 1G, Universitat Politècnica de València.

Abstract

Memory errors, such as stack and integer vulnerabilities, still rank among the most dangerous software security issues. Existing protection techniques, like Address Space Layout Randomization and Stack-Smashing Protection, prevent potential intrusions by crashing applications when anomalous behaviours are detected. Unfortunately, typical networking server architectures, such as those of web servers, limit the effectiveness of such countermeasures. Since memory error exploits usually rely on highly specific processor characteristics, the same exploit rarely works on different hardware architectures.

Protection by means of diversification (artistic drawing).

We propose a novel strategy to thwart memory error exploitation by dynamically changing, upon crash detection, the variant executing the networking server. Required software diversification among variants is obtained using off-the-shelf cross-compilation suites, whereas hardware diversification relies on processor emulation. The proposed case study shows the feasibility and effectiveness of the approach to reduce the likelihood, and in some cases even prevent the possibility, of exploiting memory errors.

Benefits

What is the right decision when the server may be under attack?
Shall I
  1. shut down the service, in order to prevent an intrusion, or
  2. maintain the continuity of the service, at the risk of a break-in?
We provide an effective solution to this issue:
Maintain the continuity, but switch to a degraded mode (with less throughput, but much harder to break).

Key ideas

  1. The proposed approach relies on the use of already existing cross-compilers (the GCC toolchain suite) to generate variants, one for each target architecture.
  2. Each variant is executed by the corresponding system emulator.
  3. Our technique relies on the existing detection and protection techniques (stack-guard, ASLR, etc.).
  4. When an attack is detected (the process crashes), the service is handed over to another variant.
Although it may seem cumbersome and hard to implement, thanks to the great advances in cross compiling and advanced emulation techniques our architecture can be realised using off-the-shelf tools.
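
The crash-triggered switch of key ideas 3 and 4, written as a supervisor loop. This is an added example, not the authors' implementation: the variant names, the round-robin order, the `max_runs` bound and the stand-in child processes (which simulate two crashing variants and one clean run) are assumptions.

```python
import signal
import subprocess
import sys

# Signals raised when the existing protections stop an exploit attempt
# (SSP calls abort(); a wrong address guess under ASLR faults).
CRASH_SIGNALS = {signal.SIGSEGV, signal.SIGABRT, signal.SIGBUS, signal.SIGILL}

def crash_signal(returncode):
    """Return the fatal signal if the child died from a memory-error signal, else None."""
    if returncode < 0 and -returncode in CRASH_SIGNALS:
        return signal.Signals(-returncode)
    return None

def supervise(variants, max_runs=10):
    """Serve with variants[0]; after each crash hand the service to the next variant.

    Returns the history as (variant name, fatal signal or exit status).
    Round-robin order and the max_runs bound are assumptions of this example.
    """
    history, index = [], 0
    for _ in range(max_runs):
        name, cmd = variants[index]
        rc = subprocess.run(cmd).returncode  # blocks while the variant serves
        sig = crash_signal(rc)
        history.append((name, sig if sig is not None else rc))
        if sig is None:
            break  # not a crash signal: no attack suspected, stop rotating
        index = (index + 1) % len(variants)  # crash detected: switch variant
    return history

def _stub(body):
    # Constructed stand-in for a server variant, so the example runs offline.
    return [sys.executable, "-c", body]

# Constructed sample. In a deployment each command would be the emulator running
# the cross-compiled server, e.g. ["qemu-arm", "./server.arm"] (hypothetical path).
DEMO_VARIANTS = [
    ("native-x86", _stub("import os, signal; os.kill(os.getpid(), signal.SIGSEGV)")),
    ("emulated-arm", _stub("import os; os.abort()")),
    ("emulated-mips", _stub("raise SystemExit(0)")),
]

if __name__ == "__main__":
    for name, outcome in supervise(DEMO_VARIANTS):
        print(name, outcome)
```

The `max_runs` bound keeps a run of repeated crashes from turning into an unbounded restart loop, which is the behaviour that lets an attacker keep guessing against a server that is always restarted as the same variant.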

Links

This, and other novel ideas and applications, will be published in an upcoming book titled ''Emerging Trends in Information and Communication Technologies Security'', published by Elsevier (Morgan Kaufmann). It is planned to be available by the end of 2013.